As it turns out, this is the third year of the series. I don’t know if I had heard of the series before, but I’ll try to keep an eye out for future ones. However, if the attendance of this morning is any indication, gtsi was expecting about twice as many people to show up as actually came.

Look to thin clients to eliminate the desktop as an issue. Sun pushes SunRay, which seems to me to be a descendant of the old Citrix, with all the good and bad associated with that. I’m still dubious of the value proposition.

About 85% of Fortune 500 companies are using some sort of Open Source in their enterprise.

The upshot of this was embedding security into the fabric of the network.

Security becomes a service within the substrate of the network instead of a layer tacked on to the network

Cisco claims a reduction in operating expense (or OPEX) by 30-40%

Cisco is pushing their for a centralized security policy repository containing both privileges/roles and audit — but not authentication and/or provisioning. This also further builds on the idea of security as a service.

After the purchase of IronPoint, Cisco is using SenderBase as a way of validating acceptable content without inspecting the content itself.

Supposedly, SenderBase is white/black list compiled by a group of experts. However, I cannot find any of my personal domains listed in the database one way or the other, and the only domain from all of my current and former employers in SenderBase is Oracle. Decide for yourself, but that doesn’t fill me with confidence about the service.

Stephen talked about a way to appeal your status if you believe yourself to be miscategorized as a “bad” sender of email. I did some poking around looking for ways to appeal, and I didn’t see much of anything.

Stephen was recommending looking at the Open Web Application Security Project (or OWASP) as both a quality reference and repository of guidelines that Cisco uses — in particular the Testing Project. Cisco is implementing this in their Web Application Firewall, using a layer 7 focus on the data stream (which has the secondary benefit of supporting virtual application patching, something Cisco defines as the ability to prevent things like buffer overruns at the network layer by preventing transmission of data beyond the boundaries of individual fields within the web page, as an example)

Some trivia:

The majority of business transactions occur over ports 25, 80 & 443, which is a departure from the old way of registering new port numbers for a specific transmission type.

Spam traffic increases approximately 18% per month.

Representatives from both gtsi & NRC spoke in the second session, but l couldn’t quite hang around for it. gtsi will be posting video and the slides in the near future. When they’re available, I’ll post a link.